Computer systems are well known in the art and have attained widespread use for providing computer power to many segments of today's modern society. As advances in semiconductor processing and computer architecture continue to push the performance of computer hardware higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems that continue to increase in complexity and power. Computer systems have thus evolved into extremely sophisticated devices that may be found in many different settings.
Many organizations utilize server computer systems for more complicated tasks such as providing e-commerce websites, providing complex multi-user applications, maintaining large databases, or performing other resource-intensive tasks. Organizations with significant computing needs often have many servers performing a wide variety of tasks with the servers communicating with each other via a network such as a local area network (LAN). In these systems, individual users may interact with the servers to access various system resources, such as applications, databases, or other resources, so that the system resources may be shared by multiple users.
Users often arrive at their target server (i.e., the software server to which they desire to gain access) by successfully navigating authentications at multiple levels. A user, for example, desiring to access a target server which is a database may have to first authenticate to their computer's operating system, next authenticate to a Virtual Private Network (VPN) from the Internet to access a corporate network, then authenticate to a firewall to access a lab, and lastly authenticate with the database residing on a machine in the lab. Other authentication steps are possible, such as establishing a remote control session to log in to a remote machine, a remote shell session such as with SSH or Telnet, or other steps.
Such a system of cascading authentications, however, can result in security risks if a hacker can “skip” layers and begin their authentication attempt as few layers away from the target server as possible. If someone desires to masquerade as a particular user, for example, it is much easier to guess or obtain one set of credentials rather than multiple sets (assuming different credentials at each layer). It is accordingly typically easier to gain unauthorized access as an “insider” in part because there are fewer layers. In an illustrative example, a system with four layers of authentication can be assumed: an outer wall with a 95% chance of stopping a hacker, an inner firewall with a 93% chance, a secure system with a 90% chance, and application-level authentication with an 85% chance. The cumulative probability of making it all the way from the outside to the application is the product, across the layers, of one minus the chance of being stopped at each point, resulting in a probability of (0.05)(0.07)(0.10)(0.15)=0.0000525. In contrast, an insider in this example with direct access to the application would have a 15% chance (0.15) of penetrating the application, as they avoid the previous levels of authentication.
System designers have attempted to solve the problem of hackers skipping levels of authentication by emulating an insider. One known solution is to allow authentication only from a defined IP or MAC address to limit access to the specified address. This solution, however, is often not practical, particularly when a VPN is involved. Moreover, this solution is insufficient when the authorized machine is shared, does not take full advantage of all of the authentication layers, and can be easily spoofed. Another known solution is to require additional authentication, such as a smart card or other device. This solution, however, requires significant infrastructure costs and adds to user inconvenience. Both of these problems are exacerbated if the user has to authenticate at multiple layers, as a separate smart card would typically be required for each of the multiple layers.